Fix external CA installation

When re-creating the CADS instance it needs to be more fully-populated
so we have enough information to create an SSL certificate and move
the principal to a real entry.

https://fedorahosted.org/freeipa/ticket/1245

install/tools/ipa-server-install

@@ -766,7 +766,7 @@ def main():
                 # This can happen if someone passes external_ca_file without
                 # already having done the first stage of the CA install.
                 sys.exit('CA is not installed yet. To install with an external CA is a two-stage process.\nFirst run the installer with --external-ca.')
-            cs = cainstance.CADSInstance(dm_password=dm_password)
+            cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password)
             ca.configure_instance(host_name, dm_password, dm_password,
                                   cert_file=options.external_cert_file,
                                   cert_chain_file=options.external_ca_file,
@@ -811,7 +811,7 @@ def main():
         cs.create_certdb()
         cs.enable_ssl()
         # Add the IPA service for storing the PKI-IPA server certificate.
-        cs.add_simple_service('dogtagldap/%s@%s' % (host_name, realm_name))
+        cs.add_simple_service(cs.principal)
         cs.add_cert_to_service()
 
     # Create a kerberos instance

ipaserver/install/cainstance.py

@@ -217,20 +217,22 @@ def get_outputList(data):
     return outputdict
 
 class CADSInstance(service.Service):
-    def __init__(self, realm_name=None, domain_name=None, dm_password=None):
+    def __init__(self, host_name=None, realm_name=None, domain_name=None, dm_password=None):
         service.Service.__init__(self, "pkids")
+        self.serverid = "PKI-IPA"
         self.realm_name = realm_name
         self.dm_password = dm_password
         self.sub_dict = None
         self.domain = domain_name
-        self.serverid = None
+        self.fqdn = host_name
-        self.fqdn = None
         self.dercert = None
         self.pkcs12_info = None
         self.ds_port = None
         self.master_host = None
         self.nickname = 'Server-Cert'
         self.subject_base = None
+        if host_name and realm_name:
+            self.principal = "dogtagldap/%s@%s" % (self.fqdn, self.realm_name)
         if realm_name:
             self.suffix = util.realm_to_suffix(self.realm_name)
             self.__setup_sub_dict()
@@ -242,7 +244,6 @@ class CADSInstance(service.Service):
                         subject_base=None):
         self.ds_port = ds_port
         self.realm_name = realm_name.upper()
-        self.serverid = "PKI-IPA"
         self.suffix = util.realm_to_suffix(self.realm_name)
         self.fqdn = host_name
         self.dm_password = dm_password